From owner-freebsd-questions Wed Jun 23 4: 5:42 1999 Delivered-To: freebsd-questions@freebsd.org Received: from cotdazr.org (cotdazr.org [209.239.229.90]) by hub.freebsd.org (Postfix) with SMTP id 35BE114FD2 for ; Wed, 23 Jun 1999 04:05:39 -0700 (PDT) (envelope-from efb@cotdazr.org) Received: (qmail 24507 invoked by uid 10); 23 Jun 1999 11:05:35 -0000 Date: 23 Jun 1999 11:05:35 -0000 Message-ID: <19990623110535.24506.qmail@cotdazr.org> From: efb@cotdazr.org To: questions@freebsd.org Subject: /dev/bpf0, modload ? Cc: efb@cotdazr.org Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Trying to build a shadow intrusion detector on FreeBSD 2.2.8. It relies upon several pieces ( www.nswc.navy.mil/ISSEC/CID ) which are libpcap, a BPF interface, and tcpdump .. WHICH someone here prolly knows is dependent upon /dev/bpfN .. That is good for the experienced kernel savvy folk .. but I have to plead ignorance . . I remember that my F.BSD 2.0.5 did NOT as I got it support BPF .. so I will guess when I ls -l /dev/bpf0 and find a device present but try to run tcpdump (as root ) and get a tcpdump: /dev/bpf0: Device not configured message .. I will guess I need to find some knowledgebase docs on how to rebuild the kernel to include the /dev/bpfN .. NOT too obvious from /sys/...conf/GENERIC and friends ... DONT suppose I can modload what I need ? SO .. PLEASE send me to the right hacks list .. thanks /Everett/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message